Issue
This article shows steps how to set up SSO in ServiceNow with 'MiniOrange', an Identity provider (IdP).
1 - Create a Free Trial account with MiniOrange
https://www.miniorange.com/businessfreetrial
2 - Login with the newly created user account in Miniorange
Click on Users in left menu, this is where you see the newly created username. You can also add new users, either manually or else they can be imported.
3 - Create an application
Click on Apps > Add Application as shown in below:
Click on SAML/WS-FED among available options
Search for ServiceNow and you see an app named Servicenow (SAML)
Click on Servicenow (SAML) app:
Fill in all below details in form which might be available in different tabs as shown in above image e.g. Basic Settings, Attribute Mapping, Login Policy, Advanced Settings etc:
Custom Application Name : type any name/string
*SP Entity ID or Issuer : https://xxxxx.service-now.com
*ACS URL : https://xxxxx.service-now.com/navpage.do
Single Logout URL : https://xxxxx.service-now.com/external_logout_complete.do
Name ID : Username / E-Mail Address (Field value should match sys_user table field in ServiceNow for Authentication)
Group Name : select DEFAULT
*Policy Name : type any name/string
*First Factor Type : select PASSWORD
Click on Save and it might redirect you to App list
In app list, click Select (last column in app list) for Servicenow (SAML) app created above and select Metadata option as shown below:
If you see below image with a warning, it is very likely that Show Metadata Details and copy Metadata URL may or may not work here therefore, please click Back to My Apps and select Metadata option again as in previous step:
Please select either of a) Copy Metadata URL or b) Download Metadata, ServiceNow supports both while configuring a new IdP:
4 - Configure MiniOrange settings in ServiceNow Instance
Create a new Identity Provider in ServiceNow
Go to Multi-Provider SSO > Identity Providers
Click New and select SAML
Clicking on SAML opens below window and asks to import IdP metadata:
Please enter the Metadata URL/XML collected from Miniorange in previous steps:
Click on Import and ServiceNow creates a new IdP record importing all the necessary details from given Metadata. The IdP certificate is also linked with the newly created IdP in ServiceNow and this is how it looks:
Note - Please use IdP metadata URL/XML only to import and avoid filling field values manually which is prone to errors.
Click on the Test Connection button in the IDP form above and it opens a new window.
Enter MiniOrange Username/Email and Password as created in Step 1
When SSO Test Connection is successful, you see a screen like below.
NOTE - It may requires removing Identity Provider's SingleLogoutRequest field value on IdP record for a successful Test Connection like belo:
Please click on Activate to activate above IdP
5- Enable SSO in ServiceNow
- In the Filter navigator, Go to Multi-Provider SSO > Administration > Properties
- Click on Properties
- Set Enable multiple provider SSO property checkbox as True and click on Save.
All the SSO configurations are complete now and user(s) should be able to login via SSO. Just in case, a user cannot login via SSO, please enable SSO debug (above screenshot) and check the logs. Make sure the login user does exist in ServiceNow as well as in MiniOrange application.
If for some reason, user still cannot login via SSO, please open a new case with ServiceNow Technical Support and an engineer will assist you accordingly.
